Terraform Commands Cheat Sheet



Commands

Common commands (LZone Cheat Sheets):

    terraform plan        # dry run
    terraform apply
    terraform refresh     # sync state with remote resources
    terraform show
    terraform destroy
    terraform validate    # validate .tf file
    terraform taint       # mark resource for recreation
    terraform untaint
    terraform state push  # e.g. force push state to S3 bucket
    terraform state pull > terraform.tfstate  # create a local state copy
    terraform force

Run terraform init first: until you do, terraform plan, apply, destroy and import will not work. The command terraform init will install Terraform modules and, eventually, a backend.

You can also retrieve output variables at any time using the terraform output command. For example, to get the public IP address:

    terraform output publicip
    94.237.45.221

In the same way, you can ask Terraform about any other output variable.

The validate command is used to check the syntax of the Terraform files. A syntax check is done on all the Terraform files in the directory, and an error is displayed if any of the files don't validate. The syntax check does not cover every common syntax issue.

This is used to download and configure providers in your terraform code:

Resource: https://learn.hashicorp.com/tutorials/terraform/eks

Run the terraform code

Destroy all terraform resources

List all resources

Resource: https://github.com/hashicorp/terraform/issues/12917

Remove something from state

This will remove packet_device called worker from your existing state:

Resource: https://www.terraform.io/docs/cli/commands/state/rm.html

Cause rebuild

Resource: https://www.terraform.io/docs/cli/commands/taint.html

Terraform plan command

Makefile Template

Import existing resources

This particular example will import the OPTIONS method from an API gateway.

Put the following in main.tf:

Then run this command to import it:

You can find the output by running this command:

Another example (import the POST gateway method):
Put the following in main.tf:

Command to import:

One last example (import stage):
Put the following in main.tf:

Command to import:


Example with security group

Terraform code:

Command to import:

To see the changes:


AWS

Secrets Manager

Create blank secret:

Resource: https://gist.github.com/anttu/6995f20e641d4f30a6003520f70608b3

Create IAM role to run on an instance and attach it

iam.tf:

iam_role_policy.json:

ec2_iam_role_policy.json - this is going to vary based on what you want your EC2 instance to do. Here's an example that allows it to do a bunch of logging stuff:

ec2.tf:

Resources:
https://adrianhesketh.com/2016/06/27/creating-aws-instance-roles-with-terraform/
https://devopslearning.medium.com/aws-iam-ec2-instance-role-using-terraform-fa2b21488536
https://stackoverflow.com/questions/62953164/create-and-attach-iam-role-to-ec2-using-terraform

Import existing IAM role

  1. Create a directory and run terraform init
  2. Create a placeholder like so
  3. Run this command to import the existing role:
  4. Run terraform show to get the block of terraform code that you'll want to implement

Resource: https://mklein.io/2019/09/30/terraform-import-role-policy/

GCP

GCS Backend

If you want to manage your terraform state with a remote backend (you do if you have multiple people managing the infrastructure), you will need to run a couple of commands before your first terraform init.

Create the bucket you'll be storing the state in:

Next, enable object versioning to avoid any corruption with your state file:

Finally, create a backend.tfvars with the following commands:

Add this block to your terraform code:


At this point, you can run the following to init your terraform:

This will take the variables we defined in the backend.tfvars file we created previously and apply them to the gcs backend in the above terraform code.

From here, feel free to run plan and then apply.
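
The GCS backend procedure above as a single script. This is an added example, not code from the original page; the bucket name, the prefix and the `run` argument are placeholders chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example: bootstrap a GCS remote-state backend for Terraform.
# Bucket name and prefix below are placeholders, not values from the page.
set -eu

# Write the partial backend block plus the tfvars file that fills it in.
write_backend_config() {
  dir="$1"; bucket="$2"; prefix="$3"
  mkdir -p "$dir"
  # Empty backend block: bucket and prefix are supplied at init time,
  # so environment-specific values stay out of the committed .tf code.
  cat > "$dir/backend.tf" <<'EOF'
terraform {
  backend "gcs" {}
}
EOF
  # Values consumed by `terraform init -backend-config=backend.tfvars`.
  cat > "$dir/backend.tfvars" <<EOF
bucket = "$bucket"
prefix = "$prefix"
EOF
}

# Create the bucket and enable object versioning (needs gsutil and auth).
create_state_bucket() {
  bucket="$1"
  gsutil mb "gs://$bucket"
  gsutil versioning set on "gs://$bucket"
  # Fail early if versioning is not on before any state is written.
  gsutil versioning get "gs://$bucket" | grep -q 'Enabled'
}

# Full procedure; only executes when the script is called with "run".
if [ "${1:-}" = "run" ]; then
  BUCKET="example-tf-state-bucket"   # placeholder
  PREFIX="terraform/state"           # placeholder
  create_state_bucket "$BUCKET"
  write_backend_config "." "$BUCKET" "$PREFIX"
  terraform init -backend-config=backend.tfvars
fi
```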

Resources:
https://betterprogramming.pub/effective-ways-of-managing-your-terraform-state-44bc53043d5 - great introduction to the concept of terraform state
https://medium.com/swlh/terraform-securing-your-state-file-f6c4e13f02a9 - walkthrough of how to set things up with gsutil

Create ansible hosts file


aws_instance.managed*
ansible_template_builder.tf:

templates/hosts.tmpl:

Resource:
https://www.linkbynet.com/produce-an-ansible-inventory-with-terraform

Packer

Create packer file


packer_builder.tf:

templates/ami_name_to_use.json.tpl:

Create security group with instance's public ip

If you need to specify a security group that relies on an instance's public IP address and you don't want to use an EIP, you can do the following:

Resource: https://stackoverflow.com/questions/38246326/cycle-error-when-trying-to-create-aws-vpc-security-groups-using-terraform - discovered aws_security_group_rule from here